Provided by: lynis_3.0.7-1_all bug

NAME

        Lynis - System and security auditing tool

SYNOPSIS

       lynis [scan mode] [other options]

DESCRIPTION

       Lynis  is  a security auditing tool for Linux, macOS, and other systems based on UNIX. The
       tool checks the system and the software configuration, to see if there  is  any  room  for
       improvement  the  security  defenses.  All  details are stored in a log file. Findings and
       other discovered data is stored in a report file.  This can be used to compare differences
       between  audits. Lynis can run interactively or as a cronjob. Root permissions (e.g. sudo)
       are not required, however provide more details during the audit.

       The following system areas may be checked:

              - Boot loader files

              - Configuration files

              - Software packages

              - Directories and files related to logging and auditing

FIRST TIME USAGE

       When running Lynis for the first time, run: lynis audit system

COMMANDS

       audit <type>
              Perform an audit of the selected type

       upload-only
              Upload the available report data file

              See HELPERS section for more commands.

SCAN TYPES

       audit system
              Performs a system audit, which is the most common audit.

       audit system remote <host>
              Provide commands to do a remote scan.

       For more scan modes, see the helper utilities.

OPTIONS

       --auditor <name>
              Define the name of the auditor/pentester. When a full  name  is  used,  add  double
              quotes, like "Your Name".

       --cronjob
              Perform automatic scan with cron safe options (no colors, no questions, no breaks).

       --debug
              Display debug information to screen for troubleshooting purposes.

       --developer
              Display detailed information useful for developers when creating tests.

       --forensics
              Perform the audit on a running or mounted system (see --rootdir)

       --help Show available commands and most-used options.

       --logfile </path/to/logfile>
              Defines location and name of log file, instead of default /var/log/lynis.log.

       --man  Show the man page. Useful for systems that do not have the man page installed.

       --no-colors
              Disable colored output.

       --no-log
              Redirect all logging information to /dev/null, prevents sensitive information to be
              written to disk.

       --no-plugins
              Do not run any of the enabled plugins.

       --pentest
              Run a non-privileged scan, usually used for penetration testing. Some of the  tests
              will be skipped if they require root permissions.

       --plugin-dir </path/to/plugins>
              Define location where plugins can be found.

       --profile <file>
              Provide alternative profile to perform the scan.

       --quick (-Q)
              Do a quick scan (default: don't wait for user input).

       --quiet (-q)
              Run quietly and do not show anything to the screen. Will also enable quick mode.

       --report-file <file>
              Provide an alternative name for report file.

       --reverse-colors
              Optimize screen output for light backgrounds.

       --tests TEST-IDs
              Only  run  the  specific  test(s). When using multiple tests, add quotes around the
              line.

       --tests-from-category <category>
              Tests are only performed if they belong to the defined category.  Use  the  command
               'show categories' to determine all valid options.

       --tests-from-group <group>
              Similar  to --tests-from-category. Only perform tests from a particular group.  Use
              'show groups' to determine valid options.

       --use-cwd
              Run from the current working directory.

       --upload
              Upload data to Lynis Enterprise server (profile option: upload=yes).

       --verbose
              Show more details on screen, such as components that could not found. These details
              are hidden by default.

       --wait Wait  for  user  to  continue.  This  adds  a  break after each section (opposed of
              --quick).

       --warnings-only
              Run quietly, except show warnings.

              Multiple parameters are allowed, though some parameters can only be  used  together
              with  others. When running Lynis without any parameters, help will be shown and the
              program will exit.

HELPERS

       Lynis has special helpers to do certain tasks. This way the framework of  Lynis  is  used,
       while  at the same time storing most of the functionality in a separated file. This speeds
       up execution and keeps the code clean.

       audit  Run audit on the system or on other targets

       configure <parameter>
              Change or add settings to the config file

       generate <parameter>
              Generate specific details such as host IDs

       show <parameter>
              Show information, such as configuration and paths

       update <parameter>
              Perform activities regarding updating

       To use a helper, run 'lynis' followed by the helper name.

EXIT CODES

       Lynis uses exit codes to signal any invoking script. Currently  the  following  codes  are
       used:

       0      Program exited normally

       1      Fatal error

       64     An unknown parameter is used, or incomplete

       65     Incorrect data encountered

       66     Can't open file or directory

       78     Lynis   found   1  or  more  warnings  or  configurations  errors  (with  error-on-
              warnings=yes)

BUGS

       Bugs  can   be   reported   via   GitHub   at   https://github.com/CISOfy/lynis   or   via
       support@cisofy.com

DOCUMENTATION

       Supporting documentation can be found via https://cisofy.com/support/

LICENSING

       Lynis is licensed as GPLv3. The tool was created by Michael Boelen in 2007. Since 2013 its
       development has been taken over by CISOfy under the management of Michael Boelen.  Plugins
       may have a different license.

CONTACT INFORMATION

       Support  requests  and  project  related  questions  can  be  addressed via e-mail: lynis-
       dev@cisofy.com.